2
What is a software audit? Akin to the agency right to audit contractor performance, many software licences include rights for the software vendor to audit customer use see, for example, SourceIT (Licence and Support) What risks do software audits pose? They apply to all customers (agencies, corporates, individuals) Risks highlighted by a recent audit which revealed a breach of licence numbers and user types. Likely consequences of a similar breach: public administration time, adviser costs, “not the model contractor”, damages or (if lucky) unfunded additional licence fees Software audits – an increasing reality

3
 65% of respondents in a 2012 Gartner survey said they had been audited by at least one software vendor during the past 12 months Gartner's report Software Vendor Auditing Trends May 23 2012.  Vendors reported as auditing software licence compliance most frequently were: Adobe, Attachmate, Autodesk, IBM, Infor, Informatica, Microsoft, Oracle, SAP, Symantec and Vmware  Why not – just leave the audit provisions out of the software licence?  does not protect from the consequences of a licence breach  no agreed framework for conducting the audit  increases the costs of responding  most vendors will insist on the clauses Risks posed by software audits are increasing

4
 Type of audit that will be conducted and its risks depend on nature of the software arrangement:  Shrink wrap – you take what terms you get  Click wrap – you take what terms you get  Web-wrap – you take what terms you get Example: Investigations XXX, in its sole discretion, may monitor the Services and Materials at any time. Without limiting the foregoing, XXX shall have the right, in its sole discretion, to remove any of Your Material for any reason (or no reason) Australian Government software framework

5
 Commercial Off-The-Shelf (COTS) products – the agency can influence  Customised software - the agency can influence Agencies are now more likely to be licensees – under the Australian Government IP Rules, the default position is supplier ownership of IP The IP Rules remind us that all FMA Act agencies are responsible for ensuring that software is used, managed and protected appropriately  Step 1 to appropriate management is to clearly define the terms of use  Sounds easy!  The core of a standard licence clause reveals the challenge: Controlling the software licence terms

6
The vendor: (a) grants the customer a perpetual, irrevocable, world-wide, non-exclusive, royalty-free licence to: (i) install the Software [where?]; (ii) modify the Software so it can be used on the Customer’s System; (iii) use and communicate each part of the Software; and (iv) make copies of the Software for backup and security purposes; and (b) authorises the Customer to sublicense to third parties the above rights solely for the benefit of the Customer But where can the Software be installed? Is the licence an enterprise-wide licence or a user based licence? What is a user? Licence clause and gaps that need attention

7
The Software should be defined to include Updates and New Releases adopted by the Customer. And as painstaking as it is, the attachments to the licence terms should:  describe the Software:  describe the Customer's Existing System (equipment or platform) on which the Software is to be installed or used Filling in the gaps: critical licence clarifications Equipment/platformLocation SoftwareVersion No.No. copiesFormat

8
 The licence must also describe:  Is this an enterprise-wide licence? If not,  How many licensed users – or how many licensed “uses” And the real licence included more explanatory provisions re fees The final critical gap – how many users? Concurrent User Band Number of Concurrent licensed users 0-15001501- 30003001 - 45004501 – and above Fee per concurrent user 10,0008,0006,0004,000

9
With one note, include nothing less than: SourceIT based: Audit of use (a)The Contractor may annually, or at such other times as agreed between the parties, audit the Customer’s use of the Software by giving the Customer at least 28 days notice. (b)An audit must only be conducted while a representative of the Customer is present, unless agreed otherwise between the parties in writing. (c)Each party must bear its own costs of any audit under clause 6.5(a). Note: can your agency comply with this? Once the terms of use are clear – tidy the audit rights

10
But also consider:  A provision that says audit may only be conducted of previous year and if audit not exercised, right to claim loss or to true up is lost  A true up provision that says customer will pay additional licence fees, as total compensation, if audit reveals excessive licence use.  A provisions that says if vendor discovers, or reasonably suspects, incorrect use, it will notify the customer promptly and will seek to mitigate vendor losses Supplement those audit rights

11
Assuming the licence terms are clear, and the contract management is good, there is no need to fear the audit The final question should be: have management processes been put in place to monitor and control:  the number of users (and type of users)?  the reproduction of the software so it only occurs on approved systems? Do you have an IP/software licence register? Do you have automated systems to assist in auditing? But it is not possible to avoid all risk, especially if you have to accept standard vendor terms …… The best medicine is to stay well

13
 s31  Nature of copyright in original works (1) For the purposes of this Act, unless the contrary intention appears, copyright, in relation to a work, is the exclusive right:copyrightwork  (a) in the case of a literary, dramatic or musical work, to do all or any of the following acts:musical work  (i) to reproduce the work in a material form;workmaterial form  (ii) to publish the work;work  (iii) to perform the work in public;performwork  (iv) to communicate the work to the public;communicateworkto the public  (vi) to make an adaptation of the work;adaptationwork Copyright Act 1968

14
 "literary work" includes:  (a) a table, or compilation, expressed in words, figures or symbols; and  (b) a computer program or compilation of computer programs.computer programcomputer programs  "computer program" means a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result. directlyindirectlyorder Copyright Act 1968

15
 s36  Infringement by doing acts comprised in the copyright  (1) Subject to this Act, the copyright in a literary, dramatic, musical or artistic work is infringed by a person who, not being the owner of the copyright, and without the licence of the owner of the copyright, does in Australia, or authorizes the doing in Australia of, any act comprised in the copyright.copyrightartistic workcopyrightlicencecopyrightAustralia authorizesAustraliacopyright Copyright Act 1968

16
 7. General Liability and Professional Indemnity  If you are legally liable to pay compensation for  …  infringement of copyright, title or slogan, passing off or breach of intellectual property rights (including moral rights), or  …  and  the claim for loss was made against you during your period of cover, and reported to Comcover during that period of cover or as soon as reasonably practicable  then  we will indemnify you for all damages or judgments, and defence costs Comcover Statement of Cover

17
 Exclusions  We will not pay for  …  any liability arising out of your breach of contract unless liability would have arisen in the absence of that breach Comcover Statement of Cover

18
 s183 - Use of copyright material for the services of the Crown  (1) The copyright in a literary, dramatic, musical or artistic work or a published edition of such a work, or in a sound recording, cinematograph film, television broadcast or sound broadcast, is not infringed by the Commonwealth or a State, or by a person authorized in writing by the Commonwealth or a State, doing any acts comprised in the copyright if the acts are done for the services of the Commonwealth or State.copyrightartistic workworksoundrecordingcinematograph filmtelevision broadcastsound broadcastthe Commonwealthauthorizedthe Commonwealthcopyrightthe Commonwealth  (5) Where an act comprised in a copyright has been done under subsection (1), the terms for the doing of the act are such terms as are, whether before or after the act is done, agreed between the Commonwealth or the State and the owner of the copyright or, in default of agreement, as are fixed by the Copyright Tribunal.copyrightthe CommonwealthownercopyrightCopyright Copyright Act 1968

19
 Use and infringement  Quantum – licence fees, back maintenance, interest  Delay  How to avoid or manage a claim  Documentation and record keeping  Regular internal audits  Choice of suppliers  Get advice early Issues that might arise after an audit and in a claim